[Date Prev][Date Next]
Re: (ITS#5354) slapd repeatedly hangs and stops reponding
- To: Oren Laadan <firstname.lastname@example.org>
- Subject: Re: (ITS#5354) slapd repeatedly hangs and stops reponding
- From: Howard Chu <email@example.com>
- Date: Fri, 08 Feb 2008 11:28:55 -0800
- Cc: OpenLDAP Software List <firstname.lastname@example.org>
- In-reply-to: <47ACAAC9.email@example.com>
- References: <200802080137.m181bVvl070754@boole.openldap.org> <47ABFF9E.firstname.lastname@example.org> <47AC784D.email@example.com> <47AC835F.firstname.lastname@example.org> <47AC9B1B.email@example.com> <47AC9E81.firstname.lastname@example.org> <47ACAAC9.email@example.com>
- User-agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.9b3pre) Gecko/2008013117 SeaMonkey/2.0a1pre
Oren Laadan wrote:
Howard Chu wrote:
You haven't provided any information to explain why you cannot structure
your additional entries as a distinct subtree. You're still just
handwaving when we ask for concrete examples of the entries involved.
Clearly I'm new to LDAP. Please indicate what information is missing,
I'll be happy to provide, even the local database (my .ldif file) and
sample queries from the remote server. Just name it.
Taking a step back: we have a departmental LDAP server for user auth,
(posix) groups, autofs maps and so on. In my group, we add to the DB
groups and autofs maps that do not exist on the remote server, so a
user on our machines can belong to additional groups.
I am not arguing that I cannot structure it differently. I simply do
not know if I can structure it differently. Ideally I could add entries
to the remote database, but that is impossible. The remote server
gives DN dc=MAIN,dc=EXAMPLE,dc=COM, which is what I made the local
server give (via the meta backend) and which is what the clients are
using as their base DN.
Since it appears that you just need to make your data work with
pam_ldap/nss_ldap I suggest you (1) keep your local data in a distinct subtree
and (2) read the pam/nss_ldap documentation regarding the use of multiple
service search descriptors. There's no reason to be using suffixmassage here.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/